Mod_Rewrite Forums

by **ton4y** » Thu Nov 29, 2007 12:56 pm

Hi, I have the following code in my .htaccess:

---

#Use PHP 5
AddHandler application/x-httpd-php5 .php

#Turn on magic quotes (against SQL injection)
#php_value magic_quotes_gpc On

#Sym Links

Options +FollowSymLinks

RewriteEngine On

#WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$
RewriteRule ^.*$ http://g-r-a-s.eu%{REQUEST_URI} [R=permanent,L]

#Index redirection
RewriteRule ^index.(html|htm|asp|aspx|jsp|jspx|cgi|pl|php2|php3|php4|php5|cfm) http://g-r-a-s.eu/gras [R=permanent,L]

#Folder listing
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

#Errors
ErrorDocument 400 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=400
ErrorDocument 401 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=401
ErrorDocument 403 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=403
ErrorDocument 404 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=404
ErrorDocument 500 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=500

#Redirections

#MODS
RewriteRule ^cmd(.*)$ /cmd.mod.php$1
RewriteRule ^gras(.*)$ /gras.mod.php$1

#PHP Functions
RewriteRule function.(.*) http://php.net/$1

#Captcha
RewriteRule lib/captcha/captcha.mp3 /lib/captcha/audio.php
#Mods
RewriteRule mods/(.*) /redirect.php?/gras?p=error&code=403
#FILES
RewriteRule store/(.*) /redirect.php?/gras?p=error&code=403

#Restrictions
RewriteRule lib/captcha/sounds/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule cache/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule sources/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule languages/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule templates/(.*)/index.tpl /redirect.php?/gras?p=error&code=403
RewriteRule templates/(.*)/(.*).php /redirect.php?/gras?p=error&code=403
RewriteRule error.log /redirect.php?/gras?p=error&code=403

#Rewrite rules to block out some common exploits

#Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [OR]

#Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

#Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

#Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ /gras [F,L]

---

I know that in some places it is pretty lame, but here is my problem.
When i try to open something with these 2 lines:
RewriteRule ^cmd(.*)$ /cmd.mod.php$1
RewriteRule ^gras(.*)$ /gras.mod.php$1
I get Internal Server Error 500
If i put them some modes i can only make the first one work.
But it doesn't matter if that would be the cmd or the gras, just the first line.
After that, the second gives Internal Server Error..
I think that the problem might be in the modes (which i haven't put because i don't really know which is for what) or in the rest of the code, because i'm pretty sure this type of code used to work before.
So please check what is all about and help me if you can.
Thank you in advance!

by **richardk** » Thu Nov 29, 2007 3:09 pm

^cmd(.*)$ matches /cmd.mod.php and it loops.

Try

Code: Select all: Options +FollowSymLinks RewriteEngine On # WWW to NON-WWW Redirection RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$ RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L] # Index redirection RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [R=301,L] # Rewrite rules to block out some common exploits RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC] RewriteRule .* - [F,L] # Ignore existing files and directories (to stop loops). RewriteCond %{SCRIPT_FILENAME} !-f RewriteCond %{SCRIPT_FILENAME} !-d RewriteRule .* - [L] # MODS RewriteRule ^cmd(.*)$ /cmd.mod.php$1 [QSA,L] RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L] # PHP Functions RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L] # Captcha RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L] # Restrictions RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L]

by **ton4y** » Fri Nov 30, 2007 9:09 am

Unfortunately it still doesn't help.
I have modified the code in .htaccess to

Code: Select all: AddHandler application/x-httpd-php5 .php Options +FollowSymLinks RewriteEngine On # WWW to NON-WWW Redirection RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$ RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L] # Index redirection RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [R=301,L] # Rewrite rules to block out some common exploits RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC] RewriteRule .* - [F,L] # Ignore existing files and directories (to stop loops). RewriteCond %{SCRIPT_FILENAME} !-f RewriteCond %{SCRIPT_FILENAME} !-d RewriteRule .* - [L] # MODS RewriteRule ^cmd(.*)$ /cmd.mod.php$1 [QSA,L] RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L] # PHP Functions RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L] # Captcha RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L] # Restrictions RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L]

as you told me, but now i'm getting Error 404 not found when i try to access
http://g-r-a-s.eu/gras or http://g-r-a-s.eu/cmd

Now it seams that the redirection cmd to cmd.mod.php doesn't work at all... neighter is the ^function\.(.+)$ http://php.net/$1

by **richardk** » Fri Nov 30, 2007 3:33 pm

Try

Code: Select all: Options +FollowSymLinks RewriteEngine On # Rewrite rules to block out some common exploits RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC] RewriteRule .* - [F,L] # WWW to NON-WWW Redirection RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$ [NC] RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L] # Index redirection RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [NC,R=301,L] # PHP Functions RewriteRule ^function\.(.+)$ http://php.net/$1 [NC,R,L] # Captcha RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L] # Restrictions RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L] RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L] # Ignore existing files and directories (to stop loops). RewriteCond %{SCRIPT_FILENAME} -f [OR] RewriteCond %{SCRIPT_FILENAME} -d RewriteRule .* - [L] # MODS RewriteRule ^cmd(.*)$ /cmd.mod.php$1 [QSA,L] RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L]

by **ton4y** » Sat Dec 01, 2007 8:45 am

Well, i have solved my problem yesterday by myself with this:

Code: Select all: ########################################### ### HTACCESS APACHE CONTROLLER FILE ### ########################################### ### don't fuck with .htaccess!!! ### ########################################### # Use PHP 5 AddHandler application/x-httpd-php5 .php # Turn on magic quotes (against SQL injection) #php_value magic_quotes_gpc On # Sym Links Options FollowSymLinks RewriteEngine On # WWW to NON-WWW Redirection RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$ RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L] # Rewrite rules to block out some common exploits RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC] RewriteRule .* - [F,L] # Index redirection RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/ [R=301,L] # MODS RewriteRule ^cmd/(.*)$ cmd.mod.php/$1 [L] RewriteRule ^gras/(.*)$ gras.mod.php/$1 [L] # PHP Functions RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L] # Captcha RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L] # Mod pages RewriteRule ^mods/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L] # FILES RewriteRule ^store/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L] # Restrictions RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L] RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras/?p=error&code=403 [QSA,L] RewriteRule ^(.+)\.log$ /redirect.php?/gras/?p=error&code=403 [QSA,L] # Ignore existing files and directories. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /redirect.php?/gras/?p=error&code=404 [QSA,L] # Errors ErrorDocument 400 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=400 ErrorDocument 401 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=401 ErrorDocument 403 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=403 ErrorDocument 404 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=404 ErrorDocument 500 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=500

Anyway thank you for your help

))

Mod_Rewrite Forums

Simple redirection not working

Simple redirection not working

Who is online